Multiple Vulnerabilities in RUGGEDCOM ROS Devices

Plan Patch8.8SSA-083019Jul 8, 2025

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in the RUGGEDCOM Operating System (ROS) affect industrial managed switches and routers across the RS, RSG, RST, RMC, RP, and i-series product lines. The vulnerabilities involve weak cryptographic implementation (CWE-327), improper error handling (CWE-755), and insufficient resource validation (CWE-693). These weaknesses could allow network-based attackers to read sensitive data, modify device configurations, or disrupt device operations. Only select V5.X variants have patches available (version 5.10.0 or later). Most V4.X devices and all-version-affected products have no fix planned.

What this means

What could happen

Multiple weaknesses in RUGGEDCOM ROS devices could allow an attacker on the network to read sensitive data, modify configurations or commands, or stop the device from operating. The majority of affected devices have no patch available.

Who's at risk

Water and utility organizations that operate RUGGEDCOM industrial switches, routers, and managed network devices in their OT networks. This affects equipment deployed at substations, water treatment facilities, distribution control centers, and other critical infrastructure using Siemens managed switches and gateways. RUGGEDCOM devices are deployed across the RS, RSG, RST, RMC, RP, and i-series product lines.

How it could be exploited

An attacker with access to the network where RUGGEDCOM devices are deployed could exploit weak cryptography (CWE-327), missing error handling (CWE-755), and improper resource validation (CWE-693) to access the device, read network traffic or stored data, and potentially alter routing or security settings on these industrial switches and gateways.

Prerequisites

Network access to the RUGGEDCOM device
Device must be on a network reachable by the attacker
No authentication required for some attack vectors

No authentication required for some variantsRemotely exploitable over networkLow attack complexityAffects network infrastructure critical to operationsMajority of devices have no fix plannedWeak cryptography usedNo patch available for many common variants

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (87)

34 with fix53 pending

ProductAffected VersionsFix Status

RUGGEDCOM i800All versionsNo fix yet

RUGGEDCOM i803All versionsNo fix yet

RUGGEDCOM M2100All versionsNo fix yet

RUGGEDCOM M2200All versionsNo fix yet

RUGGEDCOM M969All versionsNo fix yet

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDDisable unnecessary features on RUGGEDCOM devices and apply firewall rules to limit access to management ports to authorized workstations only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

RUGGEDCOM RMC8388 V5.X

HOTFIXUpdate all RUGGEDCOM RMC8388 V5.X, RS416Pv2 V5.X, RS416v2 V5.X, RS900 (32M) V5.X, RSG2488 V5.X, and RSG-series V5.X devices to firmware version 5.10.0 or later during scheduled maintenance windows

Long-term hardening

0/2

HARDENINGFor RUGGEDCOM V4.X and all-version-affected devices without patches available (i800, i801, i802, i803, M2100, M2200, M969, RMC30, RP110, RS1600 series, RS400 series, RS8000 series, RS900 series without v5, RSG2100, RSG2100P, RSG2200, RSG2300, RSL910, RST series variants), implement network segmentation to restrict access to these devices to only authorized management systems and isolated industrial network zones

HARDENINGMonitor RUGGEDCOM devices for unexpected configuration changes and unauthorized access attempts. Review Siemens advisories regularly for updates on fixes for unpatched device variants

CVEs (4)

CVE-2023-52236 CVE-2025-41222 CVE-2025-41223 CVE-2025-41224

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f4f7cafe-7062-40e6-bfee-bc5dde291cd0